ASA - Policy NAT

Hello all,

I am trying to find out if it is possible to do the following:

I have a server in the DMZ: /24 and a server in the inside /24; both will have the same NAT IP address outside: this can be done using policy NAT (I think; I have not done it yet).

Let's say the above policy NAT is implemented; the real questions here are:

1. If outside users connect to then which server will the outside users connect to?

2. Is it possible for the outside user to connect to and this will redirect to the DMZ server instead of the inside server?

This is still in planning mode so no actual configuration has been done.

Thank you.

Nagaraja Thanthry (Cisco Employee), Wed, 09/15/2010 - 13:47

Unfortunately, you cannot do policy NAT for multiple inside IPs and one public IP. You do need to find a way to differentiate the traffic on the outside interface. You can use different ports for different servers. But you cannot have both devices advertise their services using the same public IP and same port.
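
The constraint described in the reply above, as an added example that is not part of the original thread or any Cisco tooling: a small checker that reads pre-8.3 ASA `static` lines and flags two servers claiming the same public IP and port on the same outside interface. The addresses, ports and the names `parse_statics` and `find_conflicts` are constructed for illustration, and the pre-8.3 syntax is an assumption about the ASA version in use.

```python
from typing import NamedTuple, Optional

class StaticRule(NamedTuple):
    real_if: str
    mapped_if: str
    proto: Optional[str]        # None = one-to-one static NAT (every port)
    mapped_ip: str
    mapped_port: Optional[str]
    real_ip: str

def parse_statics(config: str) -> list:
    """Parse pre-8.3 'static (real_if,mapped_if) ...' lines; other lines are skipped."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "static":
            continue
        real_if, mapped_if = tok[1].strip("()").split(",")
        if tok[2] in ("tcp", "udp"):    # static PAT: proto mapped_ip mapped_port real_ip real_port
            rules.append(StaticRule(real_if, mapped_if, tok[2], tok[3], tok[4], tok[5]))
        else:                           # static NAT: mapped_ip real_ip
            rules.append(StaticRule(real_if, mapped_if, None, tok[2], None, tok[3]))
    return rules

def find_conflicts(config: str) -> list:
    """Return pairs of rules that claim the same mapped interface, IP, protocol and port."""
    rules = parse_statics(config)
    conflicts = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            same_ip = (a.mapped_if, a.mapped_ip) == (b.mapped_if, b.mapped_ip)
            same_port = (a.proto, a.mapped_port) == (b.proto, b.mapped_port)
            whole_ip = a.proto is None or b.proto is None   # static NAT owns every port
            if same_ip and a.real_ip != b.real_ip and (same_port or whole_ip):
                conflicts.append((a, b))
    return conflicts

# Constructed sample: DMZ and inside servers both published on 203.0.113.10:80.
CONFLICTING = """\
static (dmz,outside) tcp 203.0.113.10 80 192.168.2.10 80 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 80 192.168.1.10 80 netmask 255.255.255.255
"""
# Constructed sample: same public IP, traffic differentiated by outside port.
PORT_SPLIT = """\
static (dmz,outside) tcp 203.0.113.10 80 192.168.2.10 80 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 8080 192.168.1.10 80 netmask 255.255.255.255
"""

if __name__ == "__main__":
    for name, cfg in (("CONFLICTING", CONFLICTING), ("PORT_SPLIT", PORT_SPLIT)):
        print(name, [(a.real_ip, b.real_ip) for a, b in find_conflicts(cfg)])
```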